HR-Driven User Provisioning - living organisational design by adopting Poke-Yoke concepts
I am currently working with a financial services client on a major transformation program. This program is not just a system upgrade but a complete top to bottom change of business structures, processes and systems. Today I want to share just one very small part of that journey.
One of the biggest challenges in a major transformation is embedding the new business model. As the wise consultant says "Culture (and habits) trump process (and design)" In this case all the organisational structures have been redesigned and new processes created along with new core IT systems. We wanted to make this new design a lived experience, not just something on paper. Traditionally this is done via continuous process auditing and incremental correction. We approached the problem differently.
Knowing that people need access to business applications to perform specific roles, what we did is model the organisation in the HRIS system, right down to business roles and mapped these to application security roles. We also stopped the traditional process of requesting access of systems via the IT help desk. Then we commissioned Patient Zero to connect the HRIS system (#Aurion) to the Identity & Access Management system (#Okta). Now when a person gets placed into their position all the roles they fill automatically generate the accesses in the business systems they need. If your role says you need Visio, then it magically appears on your computer desktop. If you need to trade derivatives, then this is specified in your position description and access to the trading platforms is provisioned.
This took a big change in the HR department as they, for the first time, really needed to understand what people actually do in their jobs. We also had to resource them to provide prompt accurate customer service to requests from people.
The benefits:
- For the first time this organisation really knows what people do in their jobs, meaning that auditing compliance leave, separation of duties and other operational risk suddenly go a whole lot easier.
- It improves the provisioning and de-provisioning process, reducing waste - the major waste was over provisioning of IT services, multiple approvals, and wasted time waiting for access requests to be vetted.
- It is driving adoption of the new business processes. The roles and security accesses are designed to support the new business operating model. By centrally managing this we reduce the chance of going back to old ways and not embedding the change.
Why does it work and what does it teach us?
In the Lean management system I studied with Toyota back in the 90s, they had a term 'Poke Yoke'. This means to design a process to make mistakes or errors impossible and if they occur, at least make them visible. By using the integration of systems to force people to work to the business design, we are adopting one of the key principles of Lean. If your role definition does not align with what your manager is asking you to do in the real world, you will need to get your role description fixed. Rather than doing this through the IT service management system but through HR data fixes, we make sure there is close alignment between real work and the organisational design. It's just not possible to make a change that breaks this. Poke Yoke!
I hope this was of interest and might give you some ideas on how you can implement similar organisation change processes.